Data Integrity

Diffie-Hellman (DH) is not an encryption mechanism and is not typically used to encrypt data. Instead, it is a method for securely exchanging the keys that encrypt data. DH algorithms allow two parties to establish a shared secret key that is then used by encryption and keyed-hash algorithms.

Introduced by Whitfield Diffie and Martin Hellman in 1976, DH was the first system to utilize public key or asymmetric cryptographic keys. Today, DH is part of the IPsec standard. Also, a protocol known as OAKLEY uses a DH algorithm. OAKLEY is used by the IKE protocol, which is part of the overall framework called Internet Security Association and Key Management Protocol.

Encryption algorithms such as DES, 3DES, and AES, as well as keyed hashing (HMAC) built on MD5 and SHA-1, require a symmetric, shared secret key to perform encryption, decryption, and integrity checking. How do the encrypting and decrypting devices obtain the shared secret key? The easiest key exchange method is a public key exchange method between the encrypting and decrypting devices.

The DH algorithm specifies a public key exchange method that provides a way for two peers to establish a shared secret key that only they know, even though they are communicating over an insecure channel. Like all cryptographic algorithms, DH key exchange is based on a defined sequence of mathematical steps.